Please note, the below post is from my personal experience using Zoom, so please configure your Zoom settings as per your own security requirements. I am in no way affiliated to Zoom but I am a keen user of the service.
For those who are not aware of what the Zoom service is, here is a snippet from the Zoom website.
Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, collaboration, chat, and webinars across mobile devices, desktops, telephones, and room systems. Zoom Rooms is the original software-based conference room solution used around the world in board, conference, huddle, and training rooms, as well as executive offices and classrooms. Founded in 2011, Zoom helps businesses and organizations bring their teams together in a frictionless environment to get more done. Zoom is a publicly traded company on Nasdaq (ticker: ZM) and headquartered in San Jose, California.
Zoom has become a really popular platform since the outbreak of Corono Virus due to the company providing the ability for individuals, companies and schools to interact with each other online, whilst staying safe at home during this difficult time.
Zoom offer a number of packages which can be located on their website at zoom.us, including a free package with a 40 minute meeting limit. I have found the service really easy and quick to setup, but want to stress that security needs to be taken into account by users of the service. It’s not just a Zoom responsibility.
As we all know with popularity of a service comes attackers, security flaws are found and patched, and risks for users of the service when security is not taken seriously.
Zoom are responsible for resolving bugs and improving the service by releasing security updates, similar to when Microsoft publish new security windows updates for you to patch your windows desktop/laptop/server, but we as users need to take the responsibility for securing our environments, similar to when we set up a strong password to ensure no one can login to our laptop, we install Antivirus/Malware software to protect our devices from viruses, configure disk encryption, and secure the device when it’s not in use.
Like with any online service, Zoom security also needs to be taken seriously and friends who have also started to use Zoom recently have encouraged me to create a post on my personal experience and how I secure my Zoom meetings. I would like to discuss a number of the options available within Zoom which I use personally to secure my Zoom meetings. I may miss a few points but the aim of this post is to get you thinking about security. If you have an idea to share, please do leave a comment towards the end of this post.
ok, so here goes…
1) Don’t publish your meeting ID and password publicly
I have lost count of the number of times I have mentioned this to first time and existing users of Zoom. Have a think before publishing your meeting ID and password to the World without any form of control or registration. It’s like advertising your home address and letting people know that you have left your house key outside under the mat.
If there is no requirement for users to interact with you such as a question and answer session, you could even use the feature to hook up your Zoom meeting to YouTube and advertise your YouTube link to participants. Before setting up a meeting, ask yourself whether you have made every effort to secure your meetings? Do you need to use YouTube Live for this event? As mentioned above, Zoom can be configured to connect to YouTube so your session could be streamed from Zoom to YouTube.
2) Enable waiting room
This is a very useful Zoom feature which will allow you to manually admit participants into the meeting as they arrive. You could also move participants to the waiting room once they have been admitted if there was a requirement to do so (Right click the participant and send participant to waiting room). Or you could right click and remove the participant. If you wish to setup a message for those waiting to be admitted you can do so here by clicking ‘Customize the title, logo, and description’. See screenshot below.
3) Enable encryption
4) Disable Webcam and Mic on Entry
It can be embarrassing when your join a meeting not realising that your webcam is enabled, and then panic to locate the disable web cam button 🙂
The below options will ensure that webcam and mic are off upon participant and host entry.
Once you have started the meeting, there is a feature which will allow you prevent participants from unmuting themselves. I find this feature very useful to prevent participants accidentally unmuting themselves and disturbing the meeting.
To prevent participants from unmuting themselves; start the meeting, click participants, click the three dots to the right of ‘Unmute All’. See image below
Disable the option ‘Allow Participants to Unmute themselves’ as show below. If a participant attempts to unmute their mic, they will receive a message to inform them the mic has been disabled. The host can manually enable the mic for each participant when required. If any of the participants wish to ask a question, there is an option for them to click a button which raises a hand against their name to catch the attention of the Host. At this point the host could unmute the individual participant. Participants could also send a message to the host via Zoom’s chat feature.
Some may be thinking if there is a similar option to prevent participants from enabling Web Cam. At the time of writing this post, there was no option to prevent all participants to enable Webcam. I am hoping Zoom will introduce this feature soon, as it’s a great security feature. In the mean time, if you find a troublesome participant who continuously enables his/her webcam, the host can right click and stop the webcam for the individual participant. The participant will not be able to start their web cam again once it’s been disabled by the host unless the host permits. But this feature is only available to the host once the participant has enabled their web cam, and the host has had the opportunity to disable. This is the one feature I feel that Zoom is lacking and hoping they will release soon.
5) Join before host
Personally, I don’t allow participants to join before the host as I prefer to be the first to join the meeting and be in control over who is joining the meeting. Along with the waiting room option we discussed above, I switch off the below option.
6) Enable passwords for meetings
Always setup a strong password for your meetings and enable the below option in case you forget to setup a password for future meeting scheduling. If someone was to guess a Meeting ID at random, they would be faced with a password prompt. Use the max 10 password length and include a mix of Numbers and Characters, including both uppercase and lowercase.
You can setup a password when creating your meeting. Here is the option:
7) Change your meeting password
If you have setup a reoccurring meeting you will be setup with the same Meeting ID which is useful, but make a habit of changing the password just incase someone has forwarded the password or even lost that piece of paper where the password was documented. Never document passwords on paper and store securely.
8) Embedded password with meeting ID
It’s easy sending out a link to your particpants which includes the meeting ID and password as a one click link to enter the meeting, but I prefer to disable this option and let the particpants type the password manually. I have not had to enable this feature as even non-tech people have managed to join my sessions with the system being easy to use.
9) Password for Participants coming in via Phone
If there is a requirement for any participants to attend the meeting via a dial in number, don’t forget to enable this option so they are prompted to enter using a password. I have never had to use the dial in via phone feature because most join via the internet via laptop/desktop or smart phone using the Zoom Client Meeting app. Please don’t confuse joining via phone as being able to connect via a mobile phone with access to the Internet. This option involves dialing a telephone number to join the meeting. Would come in use for those who don’t have an internet connection but there is an additional cost for this service so please contact Zoom or visit the website.
10) Chat features
Personally, I disable the option to allow participants to send private messages amongst themselves. Including allowing participants to save chat conversation content. I allow for messages to be sent so all on the meeting can view, and participants have the option to send messages directly to the host. A personal choice and depends on your meeting requirements.
If there was a requirement to disable chat for all participants, both private and being able to post a message to everyone within the meeting; start the meeting, click the security shield icon and untick chat.
11) Sharing files
A great feature which allows the host and participants to share files, but I don’t like the idea of sharing files from personal computers and not knowing the state of those personal computers (No Anti Virus, not patched with latest windows updates etc) so I leave this option disabled.
12) Add Co-Hosts
I love this feature and always enable it. It allows the host to enable trusted/known members as co-hosts. Co-hosts can help with moderating participants waiting to be admitted, send them a message or even remove them. Co-Hosts can not promote further participants to co-hosts, as only the host can do this. If there was a requirement to do so the host can assign the host right to another participant. There can only be one host so the permissions would be transferred and the original host would become a normal participant with no moderator permissions. But the good thing is that Zoom have allowed for the original host to revoke permissions and take the host role back at anytime whilst the meeting is in progress.
13) Screen sharing
A great feature to allow the host or co-host to share their screen or switch on Zoom’s whiteboard. I disable the share screen option for participants and allow for hosts/co-hosts only.
14) Annotations
This option allows participants to draw on your shared screen which I disable as there is no requirement for it to be enabled for me personally. But it could be used for fun, or if you were having a brain storming session where all in the meeting were taking part. It’s worth enabling and trying out. The feature can also be disabled from within the meeting if you found that participants were starting to annoy you 🙂
15) Virtual Background
This allows a bit of fun where participants can put up a background of a beach or any other background they wish using a image. We have used this feature and it does put a smile on everyone’s face. Personally, I disable it for participants. When disabled, hosts and co-hosts can still add a background within the meeting by accessing video settings.
16) Use the Lock Meeting Room Feature
Zoom offer a lock meeting room option so once your participants have joined the meeting, you could decide to Lock the meeting so no one else can enter.
To lock a meeting; start the meeting, click participants, click the three dots to the right of ‘Unmute All’. See image below
Click the option Lock Meeting
I hope this helps, and please do comment below if you have an idea to share. Thankyou